(54) Title: SECURITY ARRANGEMENT




(57) Abstract: The present invention relates to a security arrangement (10) for ensuring access to a unit or information in a unit,
mainly comprising a key unit (11) and a lock unit (12). The key unit (11) is arranged in a distance from the lock unit comprising
an input unit (13) and a communication unit (14). The identification of a user is performed in the key unit (11) before the lock unit
accepts locking/unlocking.

Title

SECURITY ARRANGEMENT 
TECHNICAL AREA 

The present invention relates to a security system for securing a unit or a set of information. 
DESCRIPTION OF STATE OF THE ART 

The increasingly rapid development within the electronics area has resulted in more
electrical apparatuses with reduced size and increased mobility. The mobility itself has led to
not only the apparatus itself but also the information stored therein becoming appealing and
attractive to thieves.

The known security arrangements provide either locking using hardware or software in
combination with a primary input signal.

In the case of hardware lock, a first input unit is used, e.g. fingerprint input (a biometric
sensor), pin-code combined with or without an additional unit, e.g. a so-called smart-card or
the like.

In the software case, verification software is used, which checks that a correct input
(pin-code, fingerprint etcetera) is presented via an external input unit. Normally, the software is
installed in a storage unit, such as a hard disc, which is easily accessible.

SUMMARY OF THE INVENTION 

The object of the present invention is to provide a very reliable and safe device for 
preventing access to equipment and/or information stored therein. 

Another object of the present invention is to provide a device, which can be combined with 
different units, both for locking and identity input. 

One of the advantages of the arrangement according to the present invention, compared
to known techniques, is, amongst others, that (if applied in a computer) no modifications of
the operating system or the BIOS of the computer are needed. The fact is that such systems
are easy to force, even without any great knowledge of the area.

Furthermore, a lock unit according to the invention is integrated in the equipment to be
protected, implying complete safety; moreover, the normal inputs and outputs of the
equipment, ports, etc., do not need to be modified.

These objects have been achieved by means of the security arrangement for securing access
to a unit or information in a unit, comprising mainly a key unit and lock unit, which is
characterized in that the key unit is arranged at a distance from the lock unit, comprising an
input unit and a communication unit, and that the identification of a user is carried out in the
key unit before locking/unlocking is accepted by the key unit.

BRIEF DESCRIPTION OF THE DRAWINGS 






In the following, the invention will be described with reference to the embodiments 
according to the enclosed drawings, in which: 



Fig. 1 shows a block diagram of the main parts of an arrangement according to the invention,
Fig. 2 shows a diagram of the communication between two units in the arrangement according to the invention,
Fig. 3 shows a block diagram of a first embodiment implementing an arrangement according to the invention in a computer unit,
Fig. 4 is a schematic side-view of a mobile communication unit provided with an arrangement according to the invention, and
Fig. 5 is a block diagram showing another aspect of the invention.



DETAILED DESCRIPTION OF PREFERRED EMBODIMENT



The device 10, according to the invention, which is schematically shown in Fig. 1, consists

The first unit consists of a sensor or a key part 10 for entering an identity, which performs
an identification of the user. The key part 10 may be divided into two units: an input unit 13
and a key unit 14, which are preferably, but not necessarily, integrated in one physical unit
11.

Preferably, the input unit 13 may consist of any type of arrangement by means of
which unique identification information can be entered. Such an arrangement may
comprise a biometric sensor, PIN-code reader, voice detection device, eye detection device,
card reader and so on, all well known to a skilled person.

The second part consists of a lock unit 12, protecting the object 15 in question. 

The key unit 14 initiates a unique communication procedure between the key part 11 and the
lock part 12. Unique for the invention is that the identification of the user is carried
out directly in the key part 11 and does not occur in the lock part.

After registration of a user, a corresponding lock can be opened. There are two possibilities
to open the lock: on one hand during a certain preselected time period, on the other hand
permanently (if manually chosen), which however gives poor safety. If the lock has been
opened for a certain time period, the user is requested to identify himself once more when
the time has lapsed.

During operation the identity is entered, e.g. by pressing the finger on a sensor (FPS),
entering a pin code etcetera. If the identification of the user is approved, an encrypted
electronic message is sent from the key unit to the lock unit, whereby the locked resource
or object 15 (e.g. a hard disc in a computer) is made available for the user.

Using a secure transferring method between the units guarantees that it is not possible to
send a false message to the lock unit for procuring access to the locked unit.

The external unit, the key unit 14, is provided with electronics, mainly including a
microprocessor 16 with a built-in and substantially protected program and data memory.






WO 01/20463 PCT/SE00/01811

The latter is a precaution, enabling access to the program or stored key information for 
reading or copying. 

Preferably, there is a list of allowed users stored in the key unit 14. Maintenance of this
register, such as adding new approved users, deletion of users etc., is carried out locally
without communication with other units.

The key unit decides on every occasion whether the object should be protected, opened
or locked. The decision is normally based on an operator/user decision, i.e. the key is
initiated with allowed users. The locking may also occur on the initiative of the lock unit after a
certain predetermined time, if the operator, despite a request, does not identify himself within a
certain time.

The key unit can be completely open and need not be protected against infringement, since
the computer and data store cannot be externally read outside the processor (security
function in the processor).

The lock unit 12, which communicates with the key unit, e.g. via a serial connection, is
mounted and protected on or in the object 15 to be locked. Each attempt to access the
locked object by bypassing the normal login procedure through the key part 11 will be
discovered by the lock unit. Alternative steps may be initiated, i.e. inactivity for a longer
time period, warning messages, erasing data on a hard disc/storage unit etcetera.

The communication between the key and the lock units is carried out by means of, e.g.
digitally coded signals via a serial connection.

The connection may be asynchronous and may occur with a relatively high transfer rate. The 
communication occurs with a special lock protocol, which may also comprise known parity 
and time controls. 

As mentioned, the purpose of the safety system according to the invention is, amongst
others, to prevent unauthorized access to, for instance, computers, or more specifically,
access to a certain hard disc and the information therein. To obtain an almost complete
security, an encrypted protocol can be used in the communication between the key part 11
and the lock part 12. The probability of successful infringement depends on the length of
the random number, the protected length of the key and the length of the response. It may
easily be made less than, for instance, 10^-18, which practically means that it is safe against
unauthorized access.



The lock protocol is a communication procedure ensuring computer integrity of the
transmission and guaranteeing that unauthorized infringement of the data exchange between
the units cannot occur. If the message exchange is carried out correctly, the locked object is
opened and stays open, respectively. If any errors should be detected, the object is locked.

For verifying authentication, the following message exchange may be used (see Fig. 2):

a. The key unit or the key code 14 starts a verification sequence by sending a request to
the lock unit,

b. The lock unit responds with a variable, randomly generated message,

c. At the same time a numerical value is calculated using a special algorithm utilizing a
protected key. This value, which is completely derived from the response message
sent out, is stored for later use,

d. The key unit responds with a numerical value being calculated from the received
message using the same algorithm and key being used in the lock unit. This number
may be used unchanged in the response, or coded in such a way that the lock unit
can interpret it. If the lock unit receives a message which contains a number
identical to the number calculated at the transmission during step b, the
authentication is considered as confirmed.

If the message exchange turns out correctly, according to steps a-d above, the locked object 
is unlocked, or remains open, respectively. If the response does not agree, the object remains 
locked. 

The hidden key code may differ between the key and the lock unit (s) and between the lock
units. This is possible because the key unit is initiated with additional information being
specific for the connected lock unit, respectively. This enables the lock unit to return a
correct response to the lock unit (as if it has access to the key code of the lock unit).
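
The exchange in steps a-d, with one secret per lock as in the paragraph above, as an added example that is not code from the patent. HMAC-SHA256 stands in for the unnamed "special algorithm"; the class names, the 2-second answer window and the three-failure block are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_BYTES = 16   # size of the random message in step b (assumed)
CHALLENGE_TTL = 2.0    # seconds the lock waits for the answer (assumed)
MAX_FAILURES = 3       # false answers tolerated before the lock blocks (assumed)


def expected_response(key: bytes, challenge: bytes) -> bytes:
    """Value derived entirely from the challenge and the protected key.

    HMAC-SHA256 is a stand-in; the document does not name its algorithm.
    """
    return hmac.new(key, challenge, hashlib.sha256).digest()


class LockUnit:
    """Sits in the protected object; never sees the user's identity data."""

    def __init__(self, key: bytes, clock=time.monotonic):
        self._key = key
        self._clock = clock
        self._pending = None   # (expected value, deadline) of the open challenge
        self._failures = 0
        self.unlocked = False
        self.blocked = False   # stays set until a responsible person resets it

    def handle_request(self) -> bytes:
        """Steps b and c: send a fresh random message, store the expected value."""
        if self.blocked:
            raise PermissionError("lock unit blocked, reset required")
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        deadline = self._clock() + CHALLENGE_TTL
        self._pending = (expected_response(self._key, challenge), deadline)
        return challenge

    def handle_response(self, response: bytes) -> bool:
        """End of step d: open only if the value matches the stored one."""
        pending, self._pending = self._pending, None   # a challenge is single-use
        ok = (
            pending is not None
            and not self.blocked
            and self._clock() <= pending[1]
            and hmac.compare_digest(pending[0], response)   # constant-time compare
        )
        if ok:
            self._failures = 0
            self.unlocked = True
            return True
        self.unlocked = False          # any error leaves the object locked
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self.blocked = True
        return False


class KeyUnit:
    """Identifies the user locally and holds one secret per connected lock."""

    def __init__(self, lock_keys: dict):
        self._lock_keys = dict(lock_keys)   # lock id -> key for that lock

    def answer(self, lock_id: str, challenge: bytes, user_approved: bool):
        """Step d: answer only after the user was identified in the key unit."""
        if not user_approved:
            return None
        return expected_response(self._lock_keys[lock_id], challenge)


def run_exchange(key_unit, lock_id, lock, user_approved=True):
    """Steps a-d in order; returns (accepted, challenge, response)."""
    challenge = lock.handle_request()                              # a + b + c
    response = key_unit.answer(lock_id, challenge, user_approved)  # d
    if response is None:
        return False, challenge, None
    return lock.handle_response(response), challenge, response


if __name__ == "__main__":
    # Constructed keys for the demonstration only.
    keys = {"disk-A": secrets.token_bytes(32), "disk-B": secrets.token_bytes(32)}
    key_unit = KeyUnit(keys)
    lock_a = LockUnit(keys["disk-A"])
    accepted, _, old_response = run_exchange(key_unit, "disk-A", lock_a)
    print("legitimate exchange accepted:", accepted)
    lock_a.handle_request()
    print("replayed response accepted:", lock_a.handle_response(old_response))
```

Because the lock stores the expected value for exactly one outstanding challenge, a recorded response is useless against the next request, and unsolicited or late responses count toward the block.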

In the most preferred embodiment, a biometric sensor unit is used as the input unit.

Biometric sensors involve considerable advantages for identification of persons at entrance,
computer access etc. Amongst the advantages can be mentioned the speed, an extremely
high degree of security for the identification and also, above all, no problems with forgotten
passwords or passwords that have fallen into the wrong hands. In combination with the
invention, the sensor part performs a biometric identification of the fingerprints of the user.

When the identification of the fingerprints of the user is approved, an encrypted message is
sent from the key unit to the lock unit, whereby the locked resource is made available to the
user.

Registers of allowed fingerprints are in the key unit. Maintenance of this register, i.e. adding
new approved fingerprints, removing fingerprints etc., is done locally without any
communication with other units.

The sensor unit may be provided with indication means, such as two light-emitting diodes, a
red one and a green one, for facilitating registration and deregistration of fingerprints. The
diodes indicate whether the lock is closed or opened, and also the status at the
registration/removal of fingerprints.

In the following a number of non-limiting examples are given, which clarify different 
aspects of the invention. 

The first non-limiting example, shown in Fig. 3, relates to a hard disc unit 30 (or another
memory unit or storage unit) in a computer unit provided with a fingerprint sensor 31 or a
biometric sensor, i.e. an add-on unit. An add-on is one of many applications of the lock
system according to the invention. An add-on unit means a standard unit, such as a
hard disc, which has been provided with a lock unit and which is connected to a computer
unit (or the like) via a special electrical arrangement, which is located on, for instance, a
controller board 32 (insert card to the computer, such as ISA, PCI or the like). The
electronics comprise the key unit and also applications for communication with the
software in the computer via said data bus. To the board 32, a sensor 31 or alternatively other
identification equipment is connected directly or via, e.g. IR or radio (Bluetooth) or the like.

In this preferred embodiment, a standard hard disc is modified to work together with the
lock device according to the invention. This implies that it is provided with an internally
mounted lock system, which through hardware prevents the disc from accessing data.
An appropriate procedure depends on the unit (disc) construction.

Connections to the unit remain the same as to an ordinary hard disc, i.e. signal cables and a 
power feed from the power unit of the computer. An additional connection for the 
communication of the lock with the controller is provided. 

Lock-functions, according to the invention, are obtained by means of the key unit and lock
unit, respectively. The fingerprint sensor is connected through a cable and switch to the
interface of the controller unit, on which the key unit is applied. The lock unit is arranged on
the hard disc.

Except for lock functions, electronics for the communication with the programs of the 
computer are arranged in the lock unit. The program may amongst others pre-warn about the 
locking of the hard disc. Moreover, the locking can be carried out from the software. 






To restart the computer a switch is used, normally mounted on the front side. This is always
energised (Vin=+5 V), even when the computer is shut off, provided that the mains voltage
is switched on. When switched, a signal is provided to the motherboard and the computer is
started. By using the fingerprint sensor, the switch can be disconnected and Vin, which is
through the contact, is instead connected to the controller card. From there it is connected
further to the fingerprint sensor. In this way the fingerprint sensor is always switched on. An
approved log in gives a signal from the controller card to the motherboard replacing the
ordinary button pressing.

Locking may be initiated in several ways:

- Automatically, when a certain amount of time has passed (e.g. in case of unauthorized
manipulation)

- When the user locks via the locking system.

- When the user locks using a monitoring procedure, described below.



Unlocking can normally be carried out in one way, namely by providing a correct 
fingerprint. 

If the person/persons who has/have registered their fingerprint/s is/are not available when
the disc must be unlocked, there is a possibility for, e.g. the system manager or the security
responsible to unlock the unit by using a special code. This must be a sufficiently
complicated code to prevent practically any access.

An attempt made to force the lock by providing false signals to the hard disc may result in
locking it for further access attempts, for instance during a certain time period or until a
responsible person has reset the lock function.

The fingerprint sensor may also be complemented with other locking devices, for instance smart
cards.

With the exception for previously enumerated functions, the add-on unit is completely 
compatible with a standard hard disc. 

For installation of an add-on unit, special software can be required. This will supervise the
lock function via a controller card and indicate the status for the user. Particularly, the user
must be warned in advance in good time before the disc is locked. With this program, it is
also possible to directly lock the unit. Suitably, the program is always active and the status
of the disc is shown in the system tray (activity field), where also different commands can
be given.

Other application areas for the system, according to the invention, are for
"Notebooks/Laptops", i.e. portable computers, where all types of storing media are secured,
HDD, FDD, CD, RAM, ROM, flash memory, main controller board comprising all the
components such as BIOS, controller units for controlling data media etcetera.

In stationary computers/servers, the protection of the components on network cards and the 
like for administration of networks can be applied. 

The system may be arranged as a remote control combined with a mobile telephone, as a
code-provider unit. Data code generator for non-recurrent codes for accesses to computers, 
alarm systems, car locks, passage systems etcetera. 

Transaction codes via telephone systems, GSM, WAP or the like may occur. The unit, 
according to the invention, unlocks the unit and after that it is possible to choose the type of 
action. 

In an application using the invention for bank transactions or the like via, e.g. a computer,
the client may be provided with a sensor/key unit according to the invention. The client unit
is provided with an embedded unique pin-code and a special algorithm. The pin-code may
be of the type being used in credit or bankcard applications, but slightly more advanced. The
same pin-code can also be stored in the key unit being used by the client. The pin-code may
be changed by means of special terminals at the bank. The same unique code can be
associated with the account number of the client.

In the bank, when a transaction request is received, a response is generated by means of a
special calculation unit, which proves that the request from the correct key unit is authentic,
belonging to the right account holder.

The function may be described in more detail, according to the following steps:

- the client contacts the bank by means of a computer program installed in his
computer and enters his account number,

- the bank issues a reply comprising an identification part, lock-data and so on,

- the client selects the type of transaction and fills in the amount and so on and verifies
the transaction,

- the program transmits a locking transaction, according to the above description, and
also transaction data comprising, for instance amount, account number, time stamp
and so on,

- a reply is received only if the lock unit has received the right identification from the
key unit; the response may comprise identity, variable locking/unlocking data and
also transaction data, and is sent to the bank. The transaction data (for instance the
sum) and authentication of the performer of the transaction is verified at the same
time.

- the bank uses the algorithm, as mentioned before, together with the pin-code of the
client for verifying the response, and if correct response can be urged of the
incoming responses and transaction data, which assures that nothing has been
changed after the biometry control, the transaction is accepted and the client is
informed.
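
The bank steps above as an added example, not taken from the patent: the response is computed over the bank's lock-data and the transaction data together, so a change to either after the biometric check fails verification at the bank. HMAC-SHA256, the JSON encoding, the class names and the sample account numbers are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def canonical(tx: dict) -> bytes:
    """Deterministic byte encoding so both sides authenticate identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode("utf-8")


def transaction_response(client_code: bytes, lock_data: bytes, tx: dict) -> str:
    """Response covering the bank's lock-data and the transaction data together.

    HMAC-SHA256 is a stand-in for the unnamed "special algorithm".
    """
    message = len(lock_data).to_bytes(2, "big") + lock_data + canonical(tx)
    return hmac.new(client_code, message, hashlib.sha256).hexdigest()


class ClientKeyUnit:
    """Holds the embedded code; answers only after the biometric check passed."""

    def __init__(self, client_code: bytes):
        self._code = client_code

    def approve(self, lock_data: bytes, tx: dict, biometric_ok: bool):
        if not biometric_ok:
            return None            # no reply without the right identification
        return transaction_response(self._code, lock_data, tx)


class Bank:
    def __init__(self, codes_by_account: dict):
        self._codes = dict(codes_by_account)   # account number -> client code
        self._open = {}                        # account number -> issued lock-data

    def begin(self, account: str) -> bytes:
        """Reply to the client's first contact with fresh lock-data."""
        lock_data = secrets.token_bytes(16)
        self._open[account] = lock_data
        return lock_data

    def accept(self, account: str, tx: dict, response: str) -> bool:
        """Accept only if the response matches the data exactly as received."""
        lock_data = self._open.pop(account, None)   # lock-data is single-use
        code = self._codes.get(account)
        if lock_data is None or code is None or tx.get("account") != account:
            return False
        if not isinstance(response, str):
            return False
        expected = transaction_response(code, lock_data, tx)
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    # Constructed account data for the demonstration only.
    code = secrets.token_bytes(32)
    bank = Bank({"SE-1001": code})
    unit = ClientKeyUnit(code)
    tx = {"account": "SE-1001", "to": "SE-2002", "amount": "150.00",
          "timestamp": "2000-09-01T12:00:00Z"}
    reply = unit.approve(bank.begin("SE-1001"), tx, biometric_ok=True)
    print("untouched transaction accepted:", bank.accept("SE-1001", tx, reply))
    reply = unit.approve(bank.begin("SE-1001"), tx, biometric_ok=True)
    altered = dict(tx, amount="9150.00")
    print("altered amount accepted:", bank.accept("SE-1001", altered, reply))
```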



If the trade or transaction is carried out, for instance over Internet, the user may be provided
with a key unit arranged with, for instance a biometric sensor or the like. The key unit of the
user is provided with a unique identification in form of a check sum or the like. The same
unique identification can be associated with the accounting number of the user at the bank.
The bank is arranged with controlling means for verification of correct transaction request in
the same way as above. In this case, the verification and the transaction are first performed
by the bank and then to the seller, in the same way as above.

In one further example, the invention is used in a mobile unit, such as a mobile telephone,
shown in Fig. 4. The security arrangement 40 consists of two parts 41 and 42 pivoting
relative to each other (according to this example), where the part 42 comprises a connector 43 for
connection to the communication port (not shown) of the telephone 44. The device
comprises a sensor unit 45, such as a biometric sensor and the like and corresponding
electronics and memory arranged on the second part 41. The electronics can be powered by
the power source of the telephone. The connection part is connected to the telephone and the
sensor part 41 is attached onto the backside of the telephone, for instance over its battery.

When connected, the telephone can be used as a control or key unit, according to the above
description.

The telephone can only be accessed if the right person, verified via the sensor, uses the
telephone, which also can be used for controlling other units, for instance for payments
over the telephone network, remote controlling, opening doors, access to computers (for
instance via the IR interface), etc. In this case the lock unit can be implemented in the
telephone.

Examples of other applications employing the invention include:

- Radio add-on (RFR), i.e., a memory unit, for instance a hard disc, provided with a
biometric or transponder card reader.

- Lock unit for portable equipment (hand-held computers), only operating when a
certain transponder is in the vicinity. The transponder can for instance be built in the
wristwatch. In addition, the wristwatch may be provided with a biometric sensor
communicating with the hand-held computer via IR or RF.

- The lock device may be built inside a remote control for ensuring that only one
authorized user can obtain access to the remote-controlled equipment.

- When encrypting/decrypting, i.e. e-mails or files, encryption can be carried out by
means of a public key while decryption by means of a private key being verified with
regard to the right person using a biometric sensor.

The invention is not limited to use of a key or lock unit, but combinations of several key and
lock units where one or several key/lock units cooperate may also occur. The block diagram
in figure 5 shows such arrangement, in which L1-L5 denote lock units and K1 and K2 denote
key units. A key unit, for instance K1 may be arranged to open a number of lock units, for
instance L1-L4, while K2 opens U and L5. The term open means also access to different
resources and information. The communication between lock units and between lock units
and key units can be carried out via radio, Internet (or other networks), IR and so on,
preferably decrypted according to the description above.

While we have illustrated and described only preferred embodiments of the invention, it is 
realized that several variations and modifications within the scope of the enclosed claims 
can occur. 

CLAIMS



1. Security arrangement (10) for ensuring access to a unit or information in a unit, mainly
comprising a key unit (11) and a lock unit (12),

characterised in,

that the key unit (11) is arranged in a distance from the lock unit comprising an input unit
(13) and a communication unit (14), and that identification of a user is performed in the key
unit (11) before the key unit accepts locking/unlocking.

2. Arrangement as claimed in claim 1, 
characterised in,

that the said unit is a computer, cash dispenser, door lock, car door, remote control, mobile 
communication unit, portable computer and the like. 

3. Arrangement as claimed in claim 1 or 2, 
characterised in, 

that the input unit is a biometric sensor, PIN code reader, voice detection device, eye
detection device, card reader or mobile telephone and so on.

4. Arrangement as claimed in claim 1-3, 
characterised in, 

that the user identity is stored in the key unit. 

5. Arrangement as claimed in claim 1 - 4,
characterised in, 

that the key unit communicates with the lock unit by: 

a. starting a verification sequence by the key unit by sending a request to the lock unit, 

b. the lock unit responding with a variable, substantially randomly generated message, 

c. calculating a numerical value by means of an algorithm using a protected key, which
value is completely derived from the transmitted response message,

d. responding with a numerical value being calculated from the received message using
said algorithm and key, which are used in the lock unit, and if the lock unit receives
a message containing a value being identical to the value calculated during the
transmission under step b, the authentication is confirmed.

6. Arrangement as claimed in claim 5, 
characterised in 

that said value can be used unchanged in the response, or encrypted in such a way that the
lock unit can interpret it.

7. Security arrangement for a memory unit (30) in a computer unit provided with a 
biometric sensor (31), 

characterised in 

that the memory unit is provided with an internally mounted lock system, which as a
hardware prevents access to data and is connected to the computer unit via a controller unit
(32), which comprises a key unit and also functions for communication with parts in the
computer unit via said controller unit, directly or via a link connected to said sensor (31) or
other alternative identification equipment.

8. Security arrangement as claimed in claim 7,
characterised in, 

that said controller unit is an ISA card, PCI card or the like. 

9. Security arrangement as claimed in claim 7 or 8, 
characterised in, 

that the controller unit comprises the key unit.

10. Security arrangement as claimed in claim 7-9, 
characterised in, 

that the computer unit is started through said sensor via the controller unit. 

11. Security arrangement as claimed in claim 7 - 10, 
characterised in,

that the locking can be initiated in several ways: automatically, after that a certain time has 
lapsed and/or by the user via the lock system, and/or by a user using a security procedure. 

12. A mobile communication unit (44) provided with a security arrangement (40) for
ensuring acquisition to a unit or information in a unit, 

characterised in, 

that the security arrangement is an external unit connected to a communication port of the 
communication unit, that the arrangement is provided with a biometric sensor being 
connected to the communication unit, whereby the communication unit constitute one of a 
key unit and/or a lock unit, and that identification of a user is executed in the lock unit 
before locking/unlocking is accepted by the lock unit. 

13. Method in a security arrangement (10) for ensuring access to a unit or information in a
unit, substantially comprising a key unit (11) and a lock unit (12),

characterised by 

arranging the key unit (11) distanced from the lock unit comprising an input unit (13) and a 
communication unit (14), and identifying a user in the key unit (11) before 
locking/unlocking accepted by the key unit. 

14. Method as claimed in claim 13, 

comprising verification of the authentication steps of: 

a. initiating a verification by the key unit by sending a request to the lock unit, 

b. responding by the lock unit with a varying, randomly generated message, 

c. calculating a numerical value simultaneously by means of a special algorithm using 
a protected key and storing it for later use, 

d. responding by the key unit with a numerical value being calculated from the message 
received, using the same algorithm and key used in the lock unit, and 

e. confirming authentication if the lock unit receives a message containing a numerical 
value, which is identical to the one confirmed at the transmission during step b. 

15. Method as claimed in claim 14, 
characterised in 

that said value is completely derived from the response message. 

AMENDED CLAIMS

[received by the International Bureau on 31 July 2000 (31.07.00);
original claims 1-15 replaced by new claims 1-13 (3 pages)]



1. Security arrangement (10) for ensuring access to a unit or information in a unit by
authenticating a user, said arrangement mainly comprising a key unit (11) and a lock unit
(12), the key unit (11) being arranged distanced from said lock unit comprising an input
unit (13) and a communication unit (14), whereby the authentication of the user is
performed in the key unit (11) before the key unit accepts locking/unlocking of said lock
unit,

characterised in

that the key unit is arranged to communicate with the lock unit by starting a verification
sequence by sending a request to said lock unit, the lock unit is arranged to respond by
transmitting a variable, substantially randomly generated message, and to calculate a
numerical value by means of an algorithm using a protected key, which numerical value is
derived from the transmitted response message, and said key unit is arranged to respond
with a numerical value being calculated from the received message using said algorithm
and said protected key, and if said lock unit receives a message containing a value being
identical to the value calculated by the lock unit, the authentication is confirmed.

2. Arrangement as claimed in claim 1,
characterised in 

that the said unit is a computer, cash dispenser, door lock, car door, remote control, 
mobile communication unit, portable computer and the like. 

3. Arrangement as claimed in claim 1 or 2, 
characterised in 

that the input unit is a biometric sensor, PIN code reader, voice detection device, eye 
detection device, card reader or mobile telephone and so on. 

4. Arrangement as claimed in claim 1-3, 
characterised in 

that the user identity is stored in the key unit. 



5. Arrangement as claimed in claim 1,
characterised in

that said value can be used unchanged in the response, or encrypted in such a way that the 
lock unit can interpret it. 

6. Security arrangement according to claim 1, 
characterised in

that it is provided for a memory unit (30) in a computer unit,
that said key unit is a biometric sensor (31), 

that the lock unit is provided within the memory unit, which prevents access to data and is 
connected to the computer unit via a controller unit (32). 

7. Security arrangement as claimed in claim 6, 
characterised in 

that said controller unit is an ISA card, PCI card or the like. 

8. Security arrangement as claimed in claim 6 or 7, 
characterised in 

that the controller unit comprises the key unit. 

9. Security arrangement as claimed in claim 6-8, 
characterised in 

that the computer unit is started through said sensor via the controller unit.

10. Security arrangement as claimed in claim 6-9, 
characterised in 

that the locking can be initiated in several ways: automatically, after that a certain time 
has lapsed and/or by the user via the lock system, and/or by a user using a security 
procedure. 

11. A mobile communication unit (44) provided with a security arrangement (40) according to
claim 1 for ensuring acquisition to a unit or information in a unit,
characterised in,

that the security arrangement is an external unit connected to a communication port of the
communication unit, that the arrangement is provided with a biometric sensor being
connected to the communication unit, whereby the communication unit constitute one of a
key unit and/or a lock unit, and that identification of a user is executed in the lock unit
before locking/unlocking is accepted by the lock unit.

12. Method of authentication in a security arrangement (10) for ensuring access to a unit or
information in a unit, substantially comprising a key unit (11) and a lock unit (12), the key
unit (11) is arranged distanced from the lock unit comprising an input unit (13) and a
communication unit (14),

characterised by the steps of: 

a. initiating a verification by the key unit by sending a request to the lock unit, 

b. responding by the lock unit with a varying, randomly generated message, 

c. calculating a numerical value simultaneously by means of a special algorithm using a 
protected key and storing it for later use, 

d. responding by the key unit with a numerical value being calculated from the message 
received, using the same algorithm and key used in the lock unit, and 

e. confirming authentication if the lock unit receives a message containing a numerical 
value, which is identical to the one confirmed at the transmission during step b. 

13. Method as claimed in claim 12,
characterised in 

that said value is completely derived from the response message. 